A new phishing campaign is targeting MetaMask users with counterfeit security alerts and fake two-factor authentication (2FA) requests, according to a warning from blockchain security firm SlowMist.
The scheme underscores growing concerns around wallet security, as attackers increasingly favor social engineering tactics over direct technical exploits.
Fake MetaMask Alerts Mimic Legitimate Security Checks
The warning was issued on X by 23pds, a partner and Chief Information Security Officer at SlowMist.
According to his analysis, attackers are recreating MetaMask-style security alert pages that closely resemble legitimate prompts. Once users land on these pages, they are led through a fabricated verification flow that mimics a standard 2FA process.
Typically, the scam begins with an urgent security warning, followed by a verification screen that appears authentic. To heighten pressure and reduce scrutiny, the interface includes a countdown timer throughout the process.
In the final step, users are instructed to enter their wallet recovery phrase. By complying, victims unknowingly grant attackers full access to their wallets, 23pds warned.
To raise visibility, 23pds tagged MetaMask’s official X account in the post. However, as of the time of reporting, MetaMask had not issued a public response.
Warning Emerges After Trust Wallet Security Incident
The MetaMask phishing alert surfaced shortly after a confirmed security breach involving Trust Wallet.
Last month, on-chain investigator ZachXBT reported suspicious activity after multiple Trust Wallet account holders disclosed unauthorized withdrawals. Since the transactions occurred within a narrow time frame, they immediately raised red flags.
Early blockchain analysis suggested losses exceeding $7 million, affecting hundreds of wallet addresses. Later that same day, Trust Wallet addressed the incident publicly on X.
The company confirmed that the breach was limited to Browser Extension version 2.68. Additionally, it announced that refunds were being issued to users with verified losses. No other versions, however, were reported as affected.
Another Theft Wave Detected Across Multiple Blockchains
Soon after, on January 2, ZachXBT identified another coordinated theft campaign. Although described as lower profile, the activity spanned multiple EVM blockchains. Initial estimates placed losses at approximately $107,000, with totals continuing to rise.
Specifically, Ethereum accounted for the largest share, at roughly $54,655, followed by BNB Chain, which incurred losses of nearly $25,545.
Smaller amounts were traced to Base, Arbitrum, and Polygon, with additional thefts observed on Optimism, Ink, Zora, Linea, and Manta Pacific.
Industry Data Shows Rising Crypto Crime
These incidents, therefore, reflect a broader upward trend in crypto-related crime. According to Chainalysis, crypto theft surpassed $3.41 billion between January and early December 2025, slightly exceeding the $3.38 billion recorded during the same period in 2024.
Taken together, the events highlight a continued shift toward phishing and social engineering attacks. As a result, security researchers continue to emphasize user awareness as a primary defense.
Entering recovery phrases during prompted “security checks” remains one of the most common causes of wallet compromise. As attack methods evolve, vigilance remains essential for crypto users.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Solana 
USDC 
TRON 
Lido Staked Ether 
Dogecoin 